Users who want to remain anonymous online often opt for using the Tor Browser, which hides their real IP address, but there are techniques that (more or less) malicious actors can used to identify them. <\/p>\n<\/p>\n
Browser and system fingerprinting are two of them. And while the Tor Project has already implemented a number of countermeasures against different fingerprinting methods, newer ones are popping up every now and then. <\/p>\n
The latest ones have been demonstrated by security researcher Jose Carlos Norte. <\/p>\n
He created proof-of-concept JavaScript code that can be inserted into the source code of a website to extract information about how users interact with their computer, their hardware, the computing power and memory speed of their computer, and so on. <\/p>\n
This code allowed him to: <\/p>\n
The script manages to collect this information because Norte found a way to bypass the protection of the Date.getTime() method, which prevents measuring of events happening under 100ms. <\/p>\n
If a website is able to generate a unique fingerprint that identifies each user that enters the page, then it is possible to track the activity of this user in time, for example, correlate visits of the user during an entire year, knowing that its the same user, Norte explains. <\/p>\n
Or even worse, it could be possible to identify the user if the fingerprint is the same in tor browser and in the normal browser used to browse internet. It is very important for the tor browser to prevent any attempt on fingerprinting the user. <\/p>\n
Here is an example of how the fingerprint of different users using the same Tor browser version but different computers can differ: <\/p>\n<\/p>\n
Whether this fingerprinting method can ultimately lead to the unmasking of Tor users or not is debatable, but its good to know that security researchers are probing the defenses of such crucial software, because we can be sure malicious users do so constantly. <\/p>\n
Norte hopes that his research will spur Tor developers to find a solution to this problem. Apparently, it already has. <\/p>\n
In the meantime, in this particular case, users can protect themselves by simply disabling JavaScript on the Tor Browser (it is currently enabled by default). <\/p>\n
<\/p>\n
Excerpt from: Users who want to remain anonymous online often opt for using the Tor Browser, which hides their real IP address, but there are techniques that (more or less) malicious actors can used to identify them. Browser and system fingerprinting are two of them. And while the Tor Project has already implemented a number of countermeasures against different fingerprinting methods, newer ones are popping up every now and then Continue reading
\nNew ways to fingerprint Tor Browser users discovered - Help ...<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"